The Java XML parsing code processed external entity references even when the "external general entities" property was set to "FALSE". This allowed remote attackers to conduct XML External Entity (XXE) attacks, possibly causing a denial of service, or gaining access to restricted resources. (CVE-2008-0628)
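A regression check for the behaviour described above, added here as an example and not code from the advisory or from the JRE: it turns the standard SAX external-entity features off and confirms that a constructed entity pointing at a temporary marker file is not expanded. The class name, the marker value and the choice of the SAX entry point are assumptions.

```java
import java.io.File;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class XxeFeatureCheck {  // hypothetical class name
    // Standard SAX feature identifiers.
    static final String GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String PARAMETER = "http://xml.org/sax/features/external-parameter-entities";

    /** Parses xml with both external-entity features off; returns the character data seen. */
    static String parseHardened(String xml) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(GENERAL, false);
        f.setFeature(PARAMETER, false);
        final StringBuilder text = new StringBuilder();
        f.newSAXParser().parse(new InputSource(new StringReader(xml)), new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int len) {
                text.append(ch, start, len);
            }
        });
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed marker file standing in for a resource the parser must not read.
        File marker = File.createTempFile("xxe-marker", ".txt");
        marker.deleteOnExit();
        Files.write(marker.toPath(), "MARKER-1234".getBytes(StandardCharsets.UTF_8));

        // Constructed document whose only text content is the external entity.
        String xml = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE r [<!ENTITY ext SYSTEM \"" + marker.toURI() + "\">]>\n"
            + "<r>&ext;</r>";

        if (parseHardened(xml).contains("MARKER-1234")) {
            System.out.println("FAIL: external entity was resolved despite feature=false");
            System.exit(1);
        }
        System.out.println("OK: external entity was not resolved");
    }
}
```

Run it with the JRE under test; a non-zero exit status means the parser still expands external entities with the features disabled.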

A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187)

A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194)

The vulnerabilities concerning applets listed above can only be triggered in java-1.6.0-bea, by calling the "appletviewer" application.

Users of java-1.6.0-bea are advised to upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188